[Federal Register Volume 60, Number 241 (Friday, December 15, 1995)]
[Proposed Rules]
[Pages 64408-64411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-30357]



-----------------------------------------------------------------------


ENVIRONMENTAL PROTECTION AGENCY
48 CFR Parts 1535 and 1552

[FRL-5332-3]


Acquisition Regulation; Confidential Business Information

AGENCY: Environmental Protection Agency.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Environmental Protection Agency (EPA) is proposing to 
revise its acquisition regulation by revising both the prescription for 
use of solicitation provisions and contract clauses regarding 
collection, use, access, treatment, and disclosure of confidential 
business information (CBI), and adding solicitation provisions and 
contract clauses on CBI.

DATES: Written comments should be submitted to the contact listed below 
not later than February 13, 1996.

ADDRESSES: Comments and data may also be submitted electronically by 
sending electronic mail (e-mail) to: Senzel.L[email protected]. 
Electronic comments must be submitted as an ASCII file avoiding the use 
of special characters and any form of encryption. Comments and data 
will also be accepted on disks in WordPerfect in 5.1 format or ASCII 
file format. No Confidential Business Information (CBI) should be 
submitted through e-mail. Electronic comments on this proposed rule may 
be filed online at many Federal Depository Libraries.

FOR FURTHER INFORMATION CONTACT: Louise Senzel, Environmental 
Protection Agency, Office of Acquisition Management (3802F), 401 M 
Street, SW, Washington, D.C. 20460. Telephone: (202) 260-6204.

SUPPLEMENTARY INFORMATION:

A. Executive Order 12866

    The proposed rule is not a significant regulatory action for the 
purposes of Executive Order 12866; therefore, no review is required by 
the Office of Information and Regulatory Affairs.

B. Paperwork Reduction Act

    The Paperwork Reduction Act does not apply because this proposed 
rule does not contain information collection requirements that require 
the approval of OMB under the Paperwork Reduction Act of 1980 (44 
U.S.C. 3501 et seq.)

C. Regulatory Flexibility Act

    The EPA certifies that this proposed rule does not exert a 
significant economic impact on a substantial number of small entities. 
The requirements to contractors under the proposed rule impose no 
reporting, record-keeping, or any compliance costs.

D. Unfunded Mandates

    This proposed rule will not impose unfunded mandates on state or 
local entities, or others.
    The provisions of this regulation are issued under 5 U.S.C. 301; 40 
U.S.C. 486(c).

List of Subjects in 48 CFR Parts 1535 and 1552

    Government procurement.

    Therefore, Chapter 15 of title 48, Code of Federal Regulations is 
proposed to be amended as set forth below:
    1. The authority citation for parts 1535 and 1552 continue to read 
as follows:

    Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C. 
486(c).

    2. Section 1535.007 is revised to read as follows:


1535.007  Solicitations.

    (a) Contracting Officers shall insert the following provisions in 
all solicitations when the Contracting Officer has determined that EPA 
may furnish the contractor with confidential business information which 
EPA has obtained from third parties under the Federal Insecticide, 
Fungicide and Rodenticide Act (7 U.S.C. 136 et seq.).
    (1) 1552.235-72 Control and Security of Federal Insecticide, 
Fungicide, and Rodenticide Act Confidential Business Information; and
    (2) 1552.235-73 Access to Federal Insecticide, Fungicide, and 
Rodenticide Act Confidential Business Information.
    (b) Contracting Officers shall insert the following provisions in 
all solicitations when the Contracting Officer has determined that EPA 
may furnish the contractor with confidential business information which 
EPA has obtained from third parties under the Toxic Substances Control 
Act (15 U.S.C. 2601 et seq.)
    (1) 1552.235-74 Control and Security of Toxic Substances Control 
Act Confidential Business Information; and
    (2) 1552.235-75 Access to Toxic Substances Control Act Confidential 
Business Information.
    3. Subsection 1535.007-70 is amended by revising paragraphs (b) and 
(c) and adding paragraph (d) through (f) to read as follows:


1535.007-70  Contract clauses.

    (a) * * *
    (b) The Contracting Officer shall insert the clause at 1552.235-71, 
Treatment of Confidential Business Information, in solicitations and 
contracts when the Contracting Officer has determined that in the 
performance of the contract, EPA may furnish confidential business 
information to the contractor obtained from third parties under the 
Clean Air Act (42 U.S.C. 7401 et seq.), the Federal Water Pollution 
Control Act (33 U.S.C. 1251 et seq.), the Safe Drinking Water Act (42 
U.S.C. 300f et seq.), the Federal Food, Drug, and Cosmetic Act (21 
U.S.C. 301 et seq.), the Resource Conservation and Recovery Act (42 
U.S.C. 301 et seq.), the Federal Insecticide, Fungicide and Rodenticide 
Act (7 U.S.C. 136 et seq.), the Comprehensive Environmental Response, 
Compensation, and Liability Act (42 U.S.C. 9601 et seq.), and provision 
1552.235-70, Release of Contractor Confidential Business Information. 
EPA regulations on confidentiality of business information in 40 CFR 
part 2, subpart B, require that the contractor agree to the clause 
entitled ``Treatment of Confidential Business Information'' before any 
confidential business information may be furnished to the contractor.
    (c) The Contracting Officer shall insert the clause at 1552.235-76, 
Treatment of Confidential Business Information, in solicitations and 
contracts when the Contracting Officer has determined that in the 
performance of the contract, EPA may furnish the contractor with 
confidential business information obtained from third parties under the 
Toxic Substances Control Act (15 U.S.C. 2601 et seq.). EPA regulations 
on confidentiality of business information in 40 CFR part 2, subpart B, 
require that the contractor agree to the clause entitled ``Treatment of 
Confidential Business Information'' before any confidential business 
information may be furnished to the contractor.
    (d) The Contracting Officer shall insert the clause at 1552.235-77 
Data Security for Federal Insecticide, Fungicide, Rodenticide Act 
Confidential Business Information, when the contract involves access to 
confidential business information related to the Federal Insecticide, 
Fungicide, Rodenticide Act and the Treatment of Confidential Business 
Information clause (1552.235-71) and the Screening Business Information 
for Claims of Confidentiality clause (1552.235-70) are included. 

[[Page 64409]]

    (e) The Contracting Officer shall insert the clause at 1552.235-78 
Data Security for Toxic Substances Control Act Confidential Business 
Information, when the contract involves access to confidential business 
information related to the Toxic Substances Control Act and the 
Treatment of Confidential Business Information clause (1552.235-76) and 
Screening Business Information for Claims of Confidentiality clause 
(1552.235-70) are included.
    (f) Contracting Officers shall insert the clause 1552.235-79 
Release of Contractor Confidential Business Information in all 
solicitations and contracts in order to authorize the Agency to release 
confidential business information under certain circumstances.
    4. Subpart 1552.2, is amended by revising section 1552.235-72, and 
adding sections 1552.235-73 through 1552.235-79 to read as follows:


1552.235-72  Control and Security of Federal Insecticide, Fungicide, 
Rodenticide Act Confidential Business Information (XXX 1995).

    As prescribed in 1535.007(a), insert the following provision:

Control and Security of Federal Insecticide, Fungicide, Rodenticide Act 
Confidential Business Information (XXX 1995)

    The offeror certifies that--

--The Contractor and its employees have read and are familiar with 
the requirements for the control and security of Federal 
Insecticide, Fungicide, Rodenticide Act confidential business 
information contained in the manual entitled ``Federal Insecticide, 
Fungicide, Rodenticide Act Information Security Manual''. (See also 
1552.235-77 elsewhere in this solicitation.)

(End of Provision)


1552.235-73  Access to Federal Insecticide, Fungicide, Rodenticide Act 
Confidential Business Information (XXX 1995).

    As prescribed in 1535.007(a), insert the following provision:

Access to Federal Insecticide, Fungicide, Rodenticide Act Confidential 
Business Information (XXX 1995)

    In order to perform duties under the contract, the Contractor 
will need to be authorized for access to Federal Insecticide, 
Fungicide, Rodenticide Act (FIFRA) confidential business information 
(CBI). The Contractor and all of its employees handling CBI while 
working under the contract will be required to follow the procedures 
contained in the security manual entitled ``FIFRA Information 
Security Manual''. These procedures include applying for FIFRA CBI 
access authorization for each individual working under the contract 
who will have access to FIFRA CBI, execution of confidentiality 
agreements, and designation by the Contractor of an individual to 
serve as a Document Control Officer. The Contractor will be required 
to abide by those clauses contained in EPAAR 1552.235-70, 1552.235-
71, and 1552.235-77 that are appropriate to the activities set forth 
in the contract.
    Until EPA has approved the Contractor's security plan, the 
Contractor may not be authorized for FIFRA CBI access away from EPA 
facilities.

(End of Provision)


1552.235-74  Control and Security of Toxic Substances Control Act 
Confidential Business Information (XXX 1995).

    As prescribed in 1535.007(b), insert the following provision:

Control and Security of Toxic Substances Control Act Confidential 
Business Information (XXX 1995)

    The offeror certifies that--
--The Contractor and its employees have read and are familiar with 
the requirements for the control and security of Toxic Substances 
Control Act confidential business information contained in the 
manual entitled ``Toxic Substances Control Act Confidential Business 
Information Security Manual''. (See also 1552.235-78 elsewhere in 
this solicitation.)

(End of Provision)


1552.235-75  Access to Toxic Substances Control Act Confidential 
Business Information (XXX 1995).

    As prescribed in 1535.007(b), insert the following provision:

Access to Toxic Substances Control Act Confidential Business 
Information (XXX 1995)

    In order to perform duties under the contract, the Contractor 
will need to be authorized for access to Toxic Substances Control 
Act (TSCA) confidential business information (CBI). The Contractor 
and all of its employees handling CBI while working under the 
contract will be required to follow the procedures contained in the 
security manual entitled ``TSCA Confidential Business Information 
Security Manual''. These procedures include applying for TSCA CBI 
access authorization for each individual working under the contract 
who will have access to TSCA CBI, execution of confidentiality 
agreements, and designation by the Contractor of an individual to 
serve as a Document Control Officer. The Contractor will be required 
to abide by those clauses contained in EPAAR 1552.235-70, 1552.235-
71, and 1552.235-78 that are appropriate to the activities set forth 
in the contract.
    Until EPA has inspected and approved the Contractor's 
facilities, the Contractor may not be authorized for TSCA CBI access 
away from EPA facilities.

(End of Provision)


1552.235-76  Treatment of Confidential Business Information (XXX 1995).

    As prescribed in 1535.007-70(c), insert the following clause:

Treatment of Confidential Business Information (XXX 1995)

    (a) The Project Officer (PO) or his/her designee, after a 
written determination by the appropriate program office, may 
disclose confidential business information (CBI) to the Contractor 
necessary to carry out the work required under this contract. The 
Contractor agrees to use the CBI only under the following 
conditions:
    (1) The Contractor and Contractor's employees shall (i) use the 
CBI only for the purposes of carrying out the work required by the 
contract; (ii) not disclose the information to anyone other than 
properly cleared EPA employees without the prior written approval of 
the Assistant General Counsel for Information Law or his/her 
designee; and (iii) return the CBI to the PO or his/her designee, 
whenever the information is no longer required by the Contractor for 
performance of the work required by the contract, or upon completion 
of the contract.
    (2) The Contractor shall obtain a written agreement to honor the 
above limitations from each of the Contractor's employees who will 
have access to the information before the employee is allowed 
access.
    (3) The Contractor agrees that these contract conditions 
concerning the use and disclosure of CBI are included for the 
benefit of, and shall be enforceable by, both EPA and any affected 
businesses having a proprietary interest in the information.
    (4) The Contractor shall not use any CBI supplied by EPA or 
obtained during performance hereunder to compete with any business 
to which the CBI relates.
    (b) The Contractor agrees to obtain the written consent of the 
CO, after a written determination by the appropriate program office, 
prior to entering into any subcontract that will involve the 
disclosure of CBI by the Contractor to the subcontractor. The 
Contractor agrees to include this clause, including this paragraph 
(b), in all subcontracts awarded pursuant to this contract that 
require the furnishing of CBI to the subcontractor.

(End of Clause)


1552.235-77  Data Security for Federal Insecticide, Fungicide, 
Rodenticide Act Confidential Business Information (XXX 1995).

    As prescribed in 1535.007-70(d), insert the following clause:

Data Security for Federal Insecticide, Fungicide, Rodenticide Act 
Confidential Business Information (XXX 1995)

    The Contractor shall handle Federal Insecticide, Fungicide, 
Rodenticide Act (FIFRA) confidential business information (CBI) in 
accordance with the contract clause entitled ``Treatment of 
Confidential Business Information'' and ``Screening Business 
Information for Claims of Confidentiality,'' the provisions set 
forth below, and the Contractor's approved detailed security plan.
    (a) The Project Officer (PO) or his/her designee, after a 
written determination by the appropriate program office, may 
disclose FIFRA CBI to the contractor necessary to carry out the work 
required under this contract. The Contractor shall protect all FIFRA 
CBI to which it has access (including 

[[Page 64410]]
CBI used in its computer operations) in accordance with the following 
requirements:
    (1) The Contractor and Contractor's employees shall follow the 
security procedures set forth in the FIFRA Information Security 
Manual. The manual may be obtained from the Project Officer (PO) or 
the Chief, Information Services Branch (ISB), Program Management and 
Support Division, Office of Pesticide Programs (OPP) (H7502C), U.S. 
Environmental Protection Agency, 401 M Street, SW, Washington, DC 
20460.
    (2) The Contractor and Contractor's employees shall follow the 
security procedures set forth in the Contractor's security plan(s) 
approved by EPA.
    (3) Prior to receipt of FIFRA CBI by the Contractor, the 
Contractor shall submit a certification statement to the Chief of 
the ISB, with a copy to the Contracting Officer (CO), certifying 
that all employees who will be cleared for access to FIFRA CBI have 
been briefed on the handling, control and security requirements set 
forth in the FIFRA Information Security Manual.
    (4) The Contractor Document Control Officer (DCO) shall obtain a 
signed copy of the FIFRA ``Contractor Employee Confidentiality 
Agreement'' from each of the Contractor's employees who will have 
access to the information before the employee is allowed access.
    (b) The Contractor agrees that these requirements concerning 
protection of FIFRA CBI are included for the benefit of, and shall 
be enforceable by, both EPA and any affected business having a 
proprietary interest in the information.
    (c) The Contractor understands that CBI obtained by EPA under 
FIFRA may not be disclosed except as authorized by the Act, and that 
any unauthorized disclosure by the Contractor or the Contractor's 
employees may subject the Contractor and the Contractor's employees 
to the criminal penalties specified in FIFRA (7 U.S.C. 136h(f)). For 
purposes of this contract, the only disclosures that EPA authorizes 
the Contractor to make are those set forth in the clause entitled 
``Treatment of Confidential Business Information.''
    (d) The Contractor agrees to include the provisions of this 
clause, including this paragraph (d), in all subcontracts awarded 
pursuant to this contract that require the furnishing of CBI to the 
subcontractor.
    (e) At the request of EPA or at the end of the contract, the 
Contractor shall return to the EPA PO or his/her designee all 
documents, logs, and magnetic media which contain FIFRA CBI. In 
addition, each Contractor employee who has received FIFRA CBI 
clearance will sign a ``Confidentiality Agreement for Contractor 
Employees Upon Relinquishing FIFRA CBI Access Authority''. The 
Contractor DCO will also forward those agreements to the EPA PO or 
his/her designee, with a copy to the CO, at the end of the contract.
    (f) If, subsequent to the date of this contract, the Government 
changes the security requirements, the CO shall equitably adjust 
affected provisions of this contract, in accordance with the 
``Changes'' clause when:
    (1) The Contractor submits a timely written request for an 
equitable adjustment; and
    (2) The facts warrant an equitable adjustment.

(End of Clause)


1552.235-78  Data Security for Toxic Substances Control Act 
Confidential Business Information (XXX 1995).

    As prescribed in 1535.007-70(e), insert the following clause:

Data Security for Toxic Substances Control Act Confidential Business 
Information (XXX 1995)

    The Contractor shall handle Toxic Substances Control Act (TSCA) 
confidential business information (CBI) in accordance with the 
contract clause entitled ``Treatment of Confidential Business 
Information'' and ``Screening Business Information for Claims of 
Confidentiality.''
    (a) The Project Officer (PO) or his/her designee, after a 
written determination by the appropriate program office, may 
disclose TSCA CBI to the contractor necessary to carry out the work 
required under this contract. The Contractor shall protect all TSCA 
CBI to which it has access (including CBI used in its computer 
operations) in accordance with the following requirements:
    (1) The Contractor and Contractor's employees shall follow the 
security procedures set forth in the TSCA CBI Security Manual. The 
manual may be obtained from the Director, Information Management 
Division (IMD), Office of Pollution Prevention and Toxics (OPPT), 
U.S. Environmental Protection Agency (EPA), 401 M Street, SW, 
Washington, DC 20460. Prior to receipt of TSCA CBI by the 
Contractor, the Contractor shall submit a certification statement to 
the Director of the EPA OPPT/Office of Program Management and 
Evaluation, with a copy to the Contracting Officer (CO), certifying 
that all employees who will be cleared for access to TSCA CBI have 
been briefed on the handling, control, and security requirements set 
forth in the TSCA CBI Security Manual.
    (2) The Contractor shall permit access to and inspection of the 
Contractor's facilities in use under this contract by 
representatives of EPA's Assistant Administrator for Administration 
and Resources Management, and the TSCA Security Staff in the OPPT, 
or by the EPA Project Officer.
    (3) The Contractor Document Control Officer (DCO) shall obtain a 
signed copy of EPA Form 7740-6, ``TSCA CBI Access Request, 
Agreement, and Approval'' from each of the Contractor's employees 
who will have access to the information before the employee is 
allowed access. In addition, the Contractor shall obtain from each 
employee who will be cleared for TSCA CBI access all information 
required by EPA or the U.S. Office of Personnel Management for EPA 
to conduct a Minimum Background Investigation.
    (b) The Contractor agrees that these requirements concerning 
protection of TSCA CBI are included for the benefit of, and shall be 
enforceable by, both EPA and any affected business having a 
proprietary interest in the information.
    (c) The Contractor understands that CBI obtained by EPA under 
TSCA may not be disclosed except as authorized by the Act, and that 
any unauthorized disclosure by the Contractor or the Contractor's 
employees may subject the Contractor and the Contractor's employees 
to the criminal penalties specified in TSCA (15 U.S.C. 2613(d)). For 
purposes of this contract, the only disclosures that EPA authorizes 
the Contractor to make are those set forth in the clause entitled 
``Treatment of Confidential Business Information.''
    (d) The Contractor agrees to include the provisions of this 
clause, including this paragraph (d), in all subcontracts awarded 
pursuant to this contract that require the furnishing of CBI to the 
subcontractor.
    (e) At the request of EPA or at the end of the contract, the 
Contractor shall return to the EPA PO or his/her designee, all 
documents, logs, and magnetic media which contain TSCA CBI. In 
addition, each Contractor employee who has received TSCA CBI 
clearance will sign EPA Form 7740-18, ``Confidentiality Agreement 
for Contractor Employees Upon Relinquishing TSCA CBI Access 
Authority''. The Contractor DCO will also forward those agreements 
to the EPA OPPT/IMD, with a copy to the CO, at the end of the 
contract.
    (f) If, subsequent to the date of this contract, the Government 
changes the security requirements, the CO shall equitably adjust 
affected provisions of this contract, in accordance with the 
``Changes'' clause when:
    (1) The Contractor submits a timely written request for an 
equitable adjustment; and
    (2) The facts warrant an equitable adjustment.

(End of Clause)


1552.235-79  Release of contractor confidential business information 
(XXX 1995).

    As prescribed in 1535.007-70(f), insert the following clause:

Release of Contractor Confidential Business Information (XXX 1995)

    (a) The Environmental Protection Agency (EPA) may find it 
necessary to release information submitted by the Contractor either 
in response to this solicitation or pursuant to the provisions of 
this contract, to individuals not employed by EPA. Business 
information that is ordinarily entitled to confidential treatment 
under existing Agency regulations (40 CFR part 2) may be included in 
the information released to these individuals. Accordingly, by 
submission of this proposal or signature on this contract or other 
contracts, the Contractor hereby consents to a limited release of 
its confidential business information (CBI).
    (b) Possible circumstances where the Agency may release the 
Contractor's CBI include, but are not limited to the following:
    (1) To other Agency contractors tasked with assisting the Agency 
in the recovery of Federal funds expended pursuant to the 
Comprehensive Environmental Response, Compensation, and Liability 
Act, 42 U.S.C. 9607, as amended, (CERCLA or Superfund);
    (2) To the U.S. Department of Justice (DOJ) and contractors 
employed by DOJ for use in advising the Agency and representing the 
Agency in procedures for the recovery of Superfund expenditures; 

[[Page 64411]]

    (3) To parties liable, or potentially liable, for costs under 
CERCLA Sec. 107 (42 U.S.C. 9607), et al, and their insurers 
(Potentially Responsible Parties) for purposes of facilitating 
settlement or litigation of claims against such parties;
    (4) To other Agency contractors who, for purposes of performing 
the work required under the respective contracts, require access to 
information the Agency obtained under the Clean Air Act (42 U.S.C. 
7401 et seq.); the Federal Water Pollution Control Act (33 
U.S.C.1251 et seq.); the Safe Drinking Water Act (42 U.S.C. 300f et 
seq.); the Federal Insecticide, Fungicide and Rodenticide Act (7 
U.S.C. 136 et seq.); the Resource Conservation and Recovery Act (42 
U.S.C. 6901 et seq.); the Toxic Substances Control Act (15 U.S.C. 
2601 et seq.); or the Comprehensive Environmental Response, 
Compensation, and Liability Act (42 U.S.C. 9601 et seq.);
    (5) To other Agency contractors tasked with assisting the Agency 
in handling and processing information and documents in the 
administration of Agency contracts, such as providing both preaward 
and post award audit support and specialized technical support to 
the Agency's technical evaluation panels;
    (6) To employees of grantees working at EPA under the Senior 
Environmental Enrollee (SEE) Program;
    (7) To Speaker of the House, President of the Senate, or 
Chairman of a Committee or Subcommittee;
    (8) To entities such as the General Accounting Office, boards of 
contract appeals, and the Courts in the resolution of solicitation 
or contract protests and disputes;
    (9) To Agency contractor employees engaged in information 
systems analysis, development, operation, and maintenance, including 
performing data processing and management functions for the Agency; 
and
    (10) Pursuant to a court order or Court-supervised agreement.
    (c) The Agency recognizes an obligation to protect the 
contractor from competitive harm that may result from the release of 
such information to a competitor. (See also the clauses in this 
document entitled ``Screening Business Information for Claims of 
Confidentiality'' and ``Treatment of Confidential Business 
Information.'') Except where otherwise provided by law, the Agency 
will permit the release of CBI under subparagraphs (1), (3), (5), or 
(9) only pursuant to a confidentiality agreement.
    (d) With respect to contractors, 1552.235-71 will be used as the 
confidentiality agreement. With respect to Potentially Responsible 
Parties, such confidentiality agreements may permit further 
disclosure to other entities where necessary to further settlement 
or litigation of claims under CERCLA. Such entities include, but are 
not limited to accounting firms and technical experts able to 
analyze the information, provided that they also agree to be bound 
by an appropriate confidentiality agreement.
    (e) This clause does not authorize the Agency to release the 
contractor's CBI to the public pursuant to a request filed under the 
Freedom of Information Act.
    (f) The Contractor agrees to include this clause, including this 
paragraph (f), in all subcontracts at all levels awarded pursuant to 
this contract that require the furnishing of confidential business 
information by the subcontractor.

(End of Clause)

    Dated: October 30, 1995.
Betty L. Bailey,
Director, Office of Acquisition Management.
[FR Doc. 95-30357 Filed 12-14-95; 8:45 am]
BILLING CODE 6560-50-P